Composefs-native backend #1314
Composefs-native backend #1314
Conversation
Johan-Liebert1
force-pushed
the
composefs-backend
branch
from
cd42079 to
b3d1952
Compare
lib/src/install.rs
Outdated
| .create_dir_all("composefs") | ||
| .context("Creating dir 'composefs'")?; | ||
|
|
||
| tracing::warn!("STATE: {state:#?}"); |
There was a problem hiding this comment.
I'd recommend dbg! for this type of stuff; it will build locally but not pass CI so it can't be accidentally merged.
There was a problem hiding this comment.
I intend to remove all these logs. They were only for debugging purposes
There was a problem hiding this comment.
Yep that makes sense, what I meant is that use dbg! locally. (Or use tracing::debug! and keep the tracing in there and just use the tracing selector to ensure you see what you want...we are really chatty with a big env RUST_LOG=debug unfortunately today, mostly in container fetches)
lib/src/cli.rs
Outdated
| @@ -1199,7 +1199,7 @@ async fn run_from_opt(opt: Opt) -> Result<()> { | |||
| let fd = | |||
| std::fs::File::open(&path).with_context(|| format!("Reading {path}"))?; | |||
| let digest: fsverity::Sha256HashValue = fsverity::measure_verity(&fd)?; | |||
| let digest = hex::encode(digest); | |||
| let digest = digest.to_hex(); | |||
There was a problem hiding this comment.
I think this should be squashed with the previous commit, and it may make sense to have a "bump composefs-rs" prep PR split out right?
There was a problem hiding this comment.
Right, that makes sense. I'll put this in a separate PR
lib/src/install.rs
Outdated
| async fn install_to_filesystem_impl( | ||
| state: &State, | ||
| rootfs: &mut RootSetup, | ||
| cleanup: Cleanup, | ||
| composefs: bool, |
There was a problem hiding this comment.
I think this would make sense as part of state
There was a problem hiding this comment.
I was conflicted on where to put this. Thanks for the review. I'll add this to State
lib/src/install.rs
Outdated
| &imgstore, | ||
| ) | ||
| .await?; | ||
| tracing::warn!( |
There was a problem hiding this comment.
Same comment re dbg! or this one could also make sense as a tracing::debug! that gets left in right?
There was a problem hiding this comment.
Ah, yes. We can keep this one as debug
The branding here is a bit confusing because of course, bootc already uses composefs. Just the https://github.com/composefs/composefs/ version, and that is "indirectly" via ostree. Bigger picture I think what we're trying to aim for here primarily is "sealed" images right? In that case then, one thing I think would make sense is that we don't even have an option to install - we determine what to do by inspecting the container. It does of course make sense to eventually support unsealed images this way too...which will be extremely important for eventually migrating existing ostree systems. There's an enormous set of details there though. So my proposal in a nutshell:
|
I think this works. Or we could have
Curious about this. Is there a reason we'd want composfs native storage in this case? |
Isn't the whole idea that we're aiming for the sealed case? |
|
I'll be getting back to this PR next Monday. Been working on a separate issue this week... |
lib/src/install/baseline.rs
Outdated
| @@ -403,6 +409,8 @@ pub(crate) fn install_create_rootfs( | |||
| "root", | |||
| opts.wipe, | |||
| mkfs_options.iter().copied(), | |||
| // TODO: Add cli option for this | |||
| Some(uuid::uuid!("6523f8ae-3eb1-4e2a-a05a-18b695ae656f")), | |||
There was a problem hiding this comment.
It looks like you chose the alpha architecture uuid; it'd make sense potentially to use the DPS UUIDs by default for to-disk but that will require some work.
Johan-Liebert1
force-pushed
the
composefs-backend
branch
from
5979f04 to
42632ce
Compare
lib/src/install.rs
Outdated
| let esp_devices = [COREOS_ESP_PART_LABEL, ANACONDA_ESP_PART_LABEL] | ||
| .into_iter() | ||
| .map(|p| Path::new("/dev/disk/by-partlabel/").join(p)); |
There was a problem hiding this comment.
Two things
- We shouldn't use
/dev/disk/by-partlabelbecause that's global state, in the general case we may be creating partitions on a loopback mounted device and don't want to touch any global state - There's a well known UUID for the ESP to use
Combining these, see https://github.com/coreos/bootupd/blob/92a8fe2326e35d893afbe464857408c403d9e7ea/src/blockdev.rs#L41 which perhaps we could move into this codebase and have bootupd use it (because bootupd already uses bootc).
There was a problem hiding this comment.
Ah, okay I'll update to not use by-partlabel
perhaps we could move into this codebase and have bootupd use it (because bootupd already uses bootc)
I found this little bit weird, as I feel like this should be the other way around. Is there a reason why bootc uses the bootupctl command rather than the bootup crate?
There was a problem hiding this comment.
Is there a reason why bootc uses the bootupctl command rather than the bootup crate?
Well...unless we took over that CLI, that'd mean we duplicate the code.
lib/src/install.rs
Outdated
| create_dir_all(&boot_dir).context("Failed to create boot dir")?; | ||
|
|
||
| // Add the user grug cfg | ||
| let grub_user_config = format!( |
There was a problem hiding this comment.
In my ideal world grub related things live in bootupd, not in this project.
And even better if we can make this a static configuration...where grub basically implements the BLS spec and finds things in /EFI/Linux on its own right?
There was a problem hiding this comment.
It makes sense to put this in bootupd, but upon discussions with @travier we're still debating on whether we want to push systemd-boot or not, so this is more or less temporary
There was a problem hiding this comment.
This part of the GRUB config can not be generated by bootup as it is the deployment boot order in the UKI + GRUB case. See: containers/composefs-rs#38 (comment)
There was a problem hiding this comment.
It's not possible to use the BLS spec partial support in GRUB to boot UKI. It does not support the key that we need to do so, thus why we generate GRUB config snippets: ostreedev/ostree#2753 (comment)
Johan-Liebert1
force-pushed
the
composefs-backend
branch
from
25602da to
7dcc0fc
Compare
ostree-ext/src/container_utils.rs
Outdated
|
|
||
| /// Returns true if the system appears to have been booted with composefs. | ||
| pub fn composefs_booted() -> io::Result<bool> { | ||
| let cmdline = std::fs::read_to_string("/proc/cmdline")?; |
There was a problem hiding this comment.
We should use a proper kernel argument parser in general. It's actually a bit complicated because of quoting. systemd has a good version of course, and we have one in C in ostree. It'd probably make sense to make a dedicated one.
There was a problem hiding this comment.
We could build our own parser? @travier suggested https://github.com/rust-bakery/nom for parsing Grub menuentries. Maybe we could use it for parsing kernel cmdline as well?
There was a problem hiding this comment.
I have written what feels like a million various nom parsers for Advent of Code over the years, I could probably throw something together for kernel cmdline in short order. Seems to be well-documented at https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html
There was a problem hiding this comment.
Sure, I'm good to make a new small internal crate for this. But I wouldn't try to just greenfield it though, but reference existing parsers. I think https://github.com/ostreedev/ostree/blob/main/src/libostree/ostree-kernel-args.c is correct, as is the systemd version.
There was a problem hiding this comment.
Sorry I forgot we already have https://github.com/bootc-dev/bootc/blob/main/lib/src/kernel.rs and to combine with the chat yes let's for now just take the code from https://github.com/containers/composefs-rs/blob/d5455222f282200913902f29c66d5f625ca5661f/crates/composefs-boot/src/cmdline.rs#L9 but what we IMO must do when parsing /proc/cmdline is use to_utf8_lossy or so so we don't bomb out if the kernel commandline somehow has non-UTF8 data.
lib/src/bls_config.rs
Outdated
There was a problem hiding this comment.
👍 for a first pass, but skimming through the boot loader specification document there's a lot more to this. Probably enough so that it would make sense to spin this off into its own crate, I'm sure others would find it to be useful outside of bootc.
There was a problem hiding this comment.
Probably enough so that it would make sense to spin this off into its own crate,
Yes I had the same thought, was one of the motivations for #1413
I'm sure others would find it to be useful outside of bootc.
Probably though I'd say we should probably not at the current time try to go all the way into making it a real published crate unless we had a reason to believe that there was another possible concrete user.
lib/src/install.rs
Outdated
| async fn initialize_composefs_repository( | ||
| state: &State, | ||
| root_setup: &RootSetup, | ||
| ) -> Result<(Sha256Digest, impl FsVerityHashValue)> { |
There was a problem hiding this comment.
I think we should return the repository object too.
There was a problem hiding this comment.
Yeah, I missed it
lib/src/install.rs
Outdated
| #[context("Setting up BLS boot")] | ||
| pub(crate) fn setup_composefs_bls_boot( | ||
| setup_type: BootSetupType, | ||
| // TODO: Make this generic |
There was a problem hiding this comment.
Yeah but you know the problem here is...it will basically infect most of the bootc codebase with a generic - the same way it did in composefs-rs. That's going to be super painful.
We had part of this debate in containers/composefs-rs#105 and I'm still kind of skeptical that generics make sense overall. (The especially important argument here is that we may want to defer until runtime i.e. via some repository configuration or other state which digest we use) and that will mean we basically double 70% (yes number made up) of the code generated.
A potential thing in the future is to support migrating from sha256 to sha512 for example, and then we'd need two instantations of Repository for each.
There was a problem hiding this comment.
lib/src/bls_config.rs
Outdated
| } | ||
| } | ||
|
|
||
| pub(crate) fn parse_bls_config(input: &str) -> Result<BLSConfig> { |
There was a problem hiding this comment.
This sort of thing I would normally impl TryFrom<&str> for BLSConfig. I think it makes it more obvious what is going on when you use it like let foo = BLSConfig::try_from(&some_str)?; Plus for free you also get the inverse of let foo: BLSConfig = some_str.try_into()?;
Johan-Liebert1
force-pushed
the
composefs-backend
branch
from
7dcc0fc to
04f048f
Compare
|
We had a live chat about this and decided to make a branch in this repo for it so multiple people can collaborate! |
|
Created in https://github.com/bootc-dev/bootc/tree/composefs-backend (That said we still need to convert to e.g. https://clowarden.io/ ) |
Instead of using `write_boot_simple` from composefs-rs, have custom logic in bootc to write UKIs and Grub menuentries Signed-off-by: Johan-Liebert1 <[email protected]>
Signed-off-by: Johan-Liebert1 <[email protected]>
Use `atomic_write` from `cap_std` crate Get rid of `opeanat` crate Call `fsync` after write to disk Signed-off-by: Johan-Liebert1 <[email protected]>
Johan-Liebert1
force-pushed
the
composefs-backend
branch
2 times, most recently
from
f068622 to
72bd34b
Compare
Remove `--boot` option as we can get it from the image itself. Allow `--insecure` option to `--composefs-native` to make fsverity validation optional in case the filesystem does not support it. Signed-off-by: Johan-Liebert1 <[email protected]>
Signed-off-by: Johan-Liebert1 <[email protected]>
Parse the Grub menuentry file, `boot/grub2/user.cfg` to get a list of bootable UKIs and figure out if a rollback is currently queued. Signed-off-by: Johan-Liebert1 <[email protected]>
Returning a local reference to a `&str` is quite tricky with rust. Update `title` and `chainloader`, the two dynamic fields in the grub menuentry, to be `String` instead of `&str` Signed-off-by: Johan-Liebert1 <[email protected]>
We parse the grub menuentries, get the rollback deployment then perform the rollback, which basically consists of writing a new .staged menuentry file then atomically swapping the staged and the current menuentry. Rollback while there is a staged deployment is still to be handled. Signed-off-by: Johan-Liebert1 <[email protected]>
…iles Signed-off-by: Johan-Liebert1 <[email protected]>
If two deployments have the same VMLinuz + Initrd then, we can use the same binaries for both the deployments. Before writing the BLS entries to disk we calculate the SHA256Sum of VMLinuz + Initrd combo, then test if any other deployment has the same SHA256Sum for the binaries. Store the hash in the origin file under `boot -> hash` for future lookups. Signed-off-by: Johan-Liebert1 <[email protected]>
Signed-off-by: Johan-Liebert1 <[email protected]>
Centralize all constants in a separate file Signed-off-by: Johan-Liebert1 <[email protected]>
Instead of `/sysroot/state/os/fedora` use `/sysroot/state/os/default` as the default state directory. Signed-off-by: Johan-Liebert1 <[email protected]>
Signed-off-by: Johan-Liebert1 <[email protected]>
Instaed of writing all present menuentries, only write the menuentry for switch/upgrade and the menuentry for the currently booted deployment. Signed-off-by: Johan-Liebert1 <[email protected]>
Signed-off-by: Johan-Liebert1 <[email protected]>
This allows for easier testing Signed-off-by: Pragyan Poudyal <[email protected]>
Add tests for functions `get_sorted_bls_boot_entries` and `get_sorted_uki_boot_entries` Signed-off-by: Pragyan Poudyal <[email protected]>
Johan-Liebert1
force-pushed
the
composefs-backend
branch
from
72bd34b to
3d2385d
Compare
|
Two things:
|
Related to: #1190
A draft for installing and booting using
composefs-rs.install to-diskwith--composefs-nativeoptioninstall to-filesystemwith--composefs-nativeoptionbootc statusbootc switch,bootc upgradeandbootc rollback. Some edge cases need handling, such as rolling back while a deployment is staged. Currently staged deployment WILL be booted on the next reboot regardless of rolling back.Issues:
continers-storage, viz, #117. Needs some ironing out. Donecomposfs-rscomponents, namelycomposfs-setup-rootI have a few logs being logged as warning, just for visibility. Will remove them when it's ready.
Same with
composefs-rspatch incargo.toml